Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/DR3Ew0FTIR5bpZHsxAzNSoXTNh0.roa
File:                     DR3Ew0FTIR5bpZHsxAzNSoXTNh0.roa (raw, json)
Hash identifier:          vXEIaw1le/eN0idBIKQSTgYdql7m2gWZqohZjmZgKRs=
Subject key identifier:   0D:1D:C4:C3:41:53:21:1E:5B:A5:91:EC:C4:0C:CD:4A:85:D3:36:1D
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0196FCCADB568AAE3BB8640037101AA8A975
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/DR3Ew0FTIR5bpZHsxAzNSoXTNh0.roa
Signing time:             Fri 23 May 2025 10:57:54 +0000
ROA not before:           Fri 23 May 2025 10:57:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        45.94.47.0/24 maxlen: 24
                          85.209.130.0/24 maxlen: 24
                          185.164.59.0/24 maxlen: 24
                          194.62.30.0/24 maxlen: 24
                          194.62.66.0/24 maxlen: 24
                          195.66.26.0/24 maxlen: 24
                          2a0f:8100::/29 maxlen: 29
                          2a0f:e7c4:10::/48 maxlen: 48
                          2a11:3500::/29 maxlen: 29
                          2a13:8c86:120::/48 maxlen: 48
Validation:               Failed, certificate revoked on Fri 23 May 2025 18:12:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fc:ca:db:56:8a:ae:3b:b8:64:00:37:10:1a:a8:a9:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May 23 10:57:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d1dc4c34153211e5ba591ecc40ccd4a85d3361d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:69:9a:1d:64:d9:e4:3e:91:85:f2:d3:9e:44:
                    91:36:22:a5:6f:57:ed:4e:92:1c:b7:03:9b:d7:68:
                    6b:09:38:17:96:b7:54:48:b1:86:a3:8b:27:87:a6:
                    25:6e:20:1b:c6:9e:00:cb:26:43:04:c6:69:85:30:
                    08:c3:ab:70:e9:a6:da:4d:48:a2:d4:30:b3:0a:18:
                    2d:a7:fd:6b:a2:96:50:b4:e5:6d:00:5b:a8:06:aa:
                    ab:76:35:bc:98:cf:4d:ad:9d:56:8f:3e:21:c4:8a:
                    33:4a:34:11:99:fe:d1:4d:2d:df:13:15:32:75:44:
                    cd:5f:92:74:04:41:de:a2:39:e7:23:57:3e:8c:14:
                    c6:fc:9c:93:30:06:38:7e:91:7a:f3:ba:ac:d1:76:
                    02:16:49:12:30:8c:2b:08:3d:c4:ce:11:38:46:eb:
                    5f:2a:46:10:cd:6a:9a:c8:b9:a2:f2:ac:a8:f1:72:
                    e4:4f:be:78:18:05:a6:31:a6:37:52:b4:7a:6f:25:
                    e2:f2:09:a6:71:e0:ad:d5:b6:53:5d:f3:90:0c:39:
                    42:e4:e9:02:8f:d7:69:d8:3a:34:19:18:b7:1c:6d:
                    67:92:af:2a:29:f2:0f:18:9b:e5:e7:9b:d5:0d:e9:
                    0b:5d:4f:21:48:d5:51:df:27:df:5d:5e:c0:08:dc:
                    ca:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1D:C4:C3:41:53:21:1E:5B:A5:91:EC:C4:0C:CD:4A:85:D3:36:1D
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/DR3Ew0FTIR5bpZHsxAzNSoXTNh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.47.0/24
                  85.209.130.0/24
                  185.164.59.0/24
                  194.62.30.0/24
                  194.62.66.0/24
                  195.66.26.0/24
                IPv6:
                  2a0f:8100::/29
                  2a0f:e7c4:10::/48
                  2a11:3500::/29
                  2a13:8c86:120::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:ec:76:fe:4e:bd:5f:90:04:88:88:c4:11:ae:49:61:61:b7:
         09:88:12:2d:e5:ca:5c:51:0a:e2:3e:fc:ad:76:79:35:25:2f:
         8d:9f:3b:6e:68:28:f4:7e:ef:79:89:77:84:9e:ac:2a:68:db:
         c0:ba:dc:cf:bd:b1:e1:3a:86:ba:4d:aa:8b:67:fe:68:8d:3c:
         95:d4:ce:ed:21:5e:e8:5c:3a:03:c8:44:f9:69:e4:b1:c6:c4:
         37:d5:8f:6e:76:64:80:28:90:d2:cc:61:cf:64:45:fd:b3:81:
         4d:1f:13:fe:f6:a2:af:2b:2b:90:5b:af:03:2b:eb:ee:8e:24:
         3a:9e:34:f9:56:90:b6:d9:73:e3:21:41:49:1e:ae:e2:72:47:
         5c:a0:30:44:ea:c5:87:75:48:f4:96:10:4a:83:82:e4:7a:58:
         85:97:e9:bd:a5:8b:fe:d4:da:aa:2b:0a:16:60:4c:b0:78:f3:
         c5:fc:b7:0e:d6:bd:91:1c:9e:3a:66:58:5e:99:3a:26:8e:37:
         b5:56:d1:77:87:26:9d:d9:89:5f:32:42:c3:39:40:e8:28:06:
         50:bd:07:89:a2:33:47:12:d6:d4:a9:12:ac:ec:04:12:f3:55:
         ad:8a:11:d3:cd:0b:d2:c4:da:c7:0e:d6:67:12:20:da:05:11:
         4c:b3:f8:ee
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZb8yttWiq47uGQANxAaqKl1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNTIzMTA1NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFkYzRjMzQxNTMyMTFlNWJhNTkxZWNjNDBjY2Q0YTg1ZDMzNjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGmaHWTZ5D6RhfLTnkSRNiKlb1ft
TpIctwOb12hrCTgXlrdUSLGGo4snh6YlbiAbxp4AyyZDBMZphTAIw6tw6abaTUii
1DCzChgtp/1ropZQtOVtAFuoBqqrdjW8mM9NrZ1Wjz4hxIozSjQRmf7RTS3fExUy
dUTNX5J0BEHeojnnI1c+jBTG/JyTMAY4fpF687qs0XYCFkkSMIwrCD3EzhE4Rutf
KkYQzWqayLmi8qyo8XLkT754GAWmMaY3UrR6byXi8gmmceCt1bZTXfOQDDlC5OkC
j9dp2Do0GRi3HG1nkq8qKfIPGJvl55vVDekLXU8hSNVR3yffXV7ACNzKAQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFA0dxMNBUyEeW6WR7MQMzUqF0zYdMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvRFIzRXcwRlRJUjVicFpIc3hBek5Tb1hUTmgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDAqBAIAATAkAwQALV4vAwQA
VdGCAwQAuaQ7AwQAwj4eAwQAwj5CAwQAw0IaMCYEAgACMCADBQMqD4EAAwcAKg/n
xAAQAwUDKhE1AAMHACoTjIYBIDANBgkqhkiG9w0BAQsFAAOCAQEAk+x2/k69X5AE
iIjEEa5JYWG3CYgSLeXKXFEK4j78rXZ5NSUvjZ87bmgo9H7veYl3hJ6sKmjbwLrc
z72x4TqGuk2qi2f+aI08ldTO7SFe6Fw6A8hE+WnkscbEN9WPbnZkgCiQ0sxhz2RF
/bOBTR8T/vairysrkFuvAyvr7o4kOp40+VaQttlz4yFBSR6u4nJHXKAwROrFh3VI
9JYQSoOC5HpYhZfpvaWL/tTaqisKFmBMsHjzxfy3Dta9kRyeOmZYXpk6Jo43tVbR
d4cmndmJXzJCwzlA6CgGUL0HiaIzRxLW1KkSrOwEEvNVrYoR080L0sTaxw7WZxIg
2gURTLP47g==
-----END CERTIFICATE-----